Overview

File _patchinfo of Package patchinfo.31172

<patchinfo incident="31172">
  <issue tracker="bnc" id="1205726">VUL-0: CVE-2021-33621: ruby: HTTP response splitting in CGI</issue>
  <issue tracker="bnc" id="1209891">VUL-0: CVE-2023-28755: ruby2.5,ruby3.1,ruby3.2,rubygem-uri: ReDoS vulnerability in URI</issue>
  <issue tracker="bnc" id="1193035">VUL-0: CVE-2021-41817: ruby2.1, ruby2.5, ruby2.7, ruby3.0: Regular Expression Denial of Service Vulnerability of Date Parsing Methods</issue>
  <issue tracker="bnc" id="1209967">VUL-0: CVE-2023-28756: ruby: ReDoS vulnerability in Time</issue>
  <issue tracker="cve" id="2021-33621"/>
  <issue tracker="cve" id="2021-41817"/>
  <issue tracker="cve" id="2023-28756"/>
  <issue tracker="cve" id="2023-28755"/>
  <packager>darix</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ruby2.5</summary>
  <description>This update for ruby2.5 fixes the following issues:

- CVE-2023-28755: Fixed a ReDoS vulnerability in URI. (bsc#1209891)
- CVE-2023-28756: Fixed an expensive regexp in the RFC2822 time parser. (bsc#1209967)
- CVE-2021-41817: Fixed a Regular Expression Denial of Service Vulnerability of Date Parsing Methods. (bsc#1193035)
- CVE-2021-33621: Fixed a HTTP response splitting vulnerability in CGI gem. (bsc#1205726)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places